3 matches found
CVE-2013-4380
Cross-site scripting XSS vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings...
CVE-2013-4380
The MediaFront Drupal module is affected by an XSS vulnerability (CVE-2013-4380) in Drupal 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1. The issue arises from insufficient filtering of user input in the MediaFront preset settings, allowing remote authenticated users ...
SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)
The MediaFront module provides a front-end media presentation layer for Drupal The module doesn't sufficiently filter user input from MediaFront preset settings. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer mediafront" to exploit th...